[Rhodes22-list] Microsoft device helps police pluck evidence from cyberscene of crime

Herb Parsons hparsons at parsonsys.com
Wed Apr 30 17:59:05 EDT 2008 

Their description of the device requires physical access for the device 
(it's a USB device).

However, the software itself - what does the SOFTWARE require? The same 
thing all other software requires, access to your machine.

If you're asking if someone could get a hold of the software, and then 
(through other means, such as sypware, viruses, whatever) do the same 
thing without you giving them access - the simple answer is yes.

However, that really doesn't scare me. There are some pretty bad 
programs out there now that people are "letting into their systems" that 
would worry me more, but I don't "let them into my systems" because I 
understand what's going on.

You folks out there that aren't practicing safe computing... if I were 
you, I'd have been worried LONG before this little ditty got passed out.

My company provides laptops to employees that are doing a "work at home" 
test. The standard is - you do NOT use the laptop for anything but 
business related activities. Do not go to non-business-related web 
sites, do not install non-business-related software. So far, the 
experiment is a failure. Not because of the technology, but because 
people don't listen to those instructions, or don't obey them. Most 
people "Know better" than we do.

Here's a real life example

"My computer got a virus"
You didn't follow our instructions.
"Yes I did"
Ok, bring it to us, we'll take a look.
...
Your computer has Firefox. Firefox isn't a bad program, but it has no 
business application for us, because it won't work with the two primary 
web sties we use. Why did you install Firefox.
"Because I like it better"
You like it better for what? It won't work with xxxx or xxxx because 
both of them require Internet Explorer.
"Oh, I didn't know that"
Yes, because you didn't follow instructions
...
I saw you had iTunes. What business need did you have for iTunes?
"Um, I just like to listen to music while I work"
Great. I understand that. Buy a radio, or buy an iPod, or even play them 
from YOUR computer, but don't put your music on OUR computer.
...
I saw you downloaded a file sharing program from 
www.totallyillegalhacedmusicsite.com (not a real site, but you get the 
idea). Those files "asked if you agreed to their terms", and you clicked 
"yes". Why did you do that?
"Because I wanted to download the music"
You understand that's illegal?
"Um....no, I didnt" (probably lying)
You DO understand there's no business need for that right?
"Um, I do now".
OK, your "agreeing the terms" also installed a spyware program on the 
computer. Fortunately, we don't store any patient information on the 
computer, that's why you have to use a specific web site to access that 
information; however, you did introduce several pieces of malware on 
your computer when you did that. Do you understand it took me two hours 
to fix the problem?
"Um, no... reallly?"
Yes, this is your warning. Next time we will charge YOU $200 to repair 
OUR computer that YOU damaged. Do you understand now?
"Yes"
Again, do not go to non-business-related web sites, do not install 
non-business-related software.If you do those things, you will have to 
pay to clean your computer next time.
================
Welcome to my world.

The scary thing is that there are literally millions of computers out 
there with malware on their computer (usually only reading address files 
and giving them to spammers) and the ignorant among us are happily 
computing away...

Michael D. Weisner wrote:
> Herb,
>
> You said, "I don't have a problem with a device like that,as long as it 
> still takes a search warrant to use it."  I agree, totally, if warrants are 
> still required and the use of such a device is limited to law enforcement.
>
> My fear is that a USB flash drive that breaks into a PC, defeating 
> encryption algorithms, makes me wonder if it exploits a MSoft "back door" or 
> something.  How does one stop a thief from copying the contents of the flash 
> drive and using it for other purposes?  I also wonder if the intruder needs 
> to have physical access to the PC or if it may be accomplished remotely. 
> This gives the phrase "be careful what you do in private, because it could 
> become public" a whole new meaning.
>
> Mike
> s/v Shanghai'd Summer ('81)
> Nissequogue River, NY
>
> From: "Herb Parsons" <hparsons at parsonsys.com>Sent: Wednesday, April 30, 2008 
> 4:44 PM
>   
>> In the computer biz here, and a big believer in personal rights, but I
>> don't have a problem with a device like that, as long as it still takes
>> a search warrant to use it.
>>
>> Bottom line is, "be careful what you do in private, because it could
>> become public" applies in computers just like everything else.
>>
>> Michael D. Weisner wrote:
>>     
>>> For those of you in the computer biz (or nay of you personal rights 
>>> enthusiasts out there), you may find this tidbit interesting:
>>> Microsoft device helps police pluck evidence from cyberscene of crime - 
>>> "It's a hacker on a stick"  Source: Seattle Times
>>> http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=2004379751&zsection_id=2003750725&slug=msftlaw29&date=20080429
>>>
>>> or
>>>
>>> http://tinyurl.com/53zyxl
>>>
>>>
>>> Mike
>>> s/v Shanghai'd Summer ('81)
>>> Nissequogue River, NY
>>> __________________________________________________
>>> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>>>
>>>
>>>
>>>
>>>       
>> __________________________________________________
>> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>>
>>
>>     
>
>
> __________________________________________________
> Use Rhodes22-list at rhodes22.org, Help? www.rhodes22.org/list
>
>
>
>

More information about the Rhodes22-list mailing list